6.2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-11	CVE-2020-17509	HTTP Request Smuggling vulnerability in Apache Traffic Server ATS negative cache option is vulnerable to a cache poisoning attack. network apache CWE-444	4.3
2021-01-11	CVE-2020-17508	Information Exposure vulnerability in Apache Traffic Server The ATS ESI plugin has a memory disclosure vulnerability. network low complexity apache CWE-200	5.0
2020-06-24	CVE-2020-9494	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. network low complexity apache debian CWE-119	5.0
2020-04-27	CVE-2020-9481	Resource Exhaustion vulnerability in multiple products Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. network low complexity apache debian CWE-400	5.0
2020-03-23	CVE-2020-1944	HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. network low complexity apache debian CWE-444 critical	9.8
2020-03-23	CVE-2019-17565	HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. network low complexity apache debian CWE-444 critical	9.8
2020-03-23	CVE-2019-17559	HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. network low complexity apache debian CWE-444 critical	9.8
2019-10-22	CVE-2019-10079	Allocation of Resources Without Limits or Throttling vulnerability in Apache Traffic Server Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. network low complexity apache CWE-770	7.5
2019-08-13	CVE-2019-9518	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee nodejs CWE-770	7.5
2019-08-13	CVE-2019-9517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee netapp nodejs CWE-770	7.5